graphthulhu

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Logseq/Obsidian MCP integration, but it gives an agent read-write access to the specific knowledge graph you configure.

Install only if you trust the external graphthulhu binary and want an agent to access the configured vault or Logseq graph. Keep backups or version control, protect the Logseq token, keep the API bound to localhost, avoid vaults containing unrelated secrets, and review destructive or bulk-edit requests before approving them.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly advertises full read-write support, including update, delete, move, and bulk modification operations, but does not clearly warn users that connecting this server grants an agent the ability to alter or destroy notes. In an MCP context, this matters because users may assume a knowledge tool is primarily read-oriented, while the exposed capabilities enable irreversible data changes if misused, prompted accidentally, or invoked by a compromised agent.

Missing User Warnings

Medium
Confidence: 88%
Finding
The Logseq setup instructs users to place an API token into configuration and connect to a local HTTP API, but provides no warning that the token is sensitive or that enabling the API expands the local attack surface. If users expose the service beyond localhost, mishandle the token, or share config files, an attacker or over-privileged agent could gain access to read and modify graph data through the Logseq API.

VirusTotal

66/66 vendors flagged this skill as clean.
